To counter spyware, spam, viruses, and unauthorized network intrusions, companies must consolidate and automate. Sounds simple, but many companies still are recent converts to those practices.
For HNTB Corp., a large architectural and engineering firm, moving to an antivirus product with a central console to manage and impose security policies and monitor employees' system usage has dramatically improved the company's security performance. "We haven't had a major outbreak since we put this in place" nine months ago, information manager Travis O'Dell says. In fact, there have been no outbreaks of any kind. Previously, the company saw two or three over the same time period.
|
 |
They do at the AAA Reading-Berks office in Pennsylvania. The auto club's IT director, Peter Wallace, attacks spyware and viruses--which often enter a network as spam--in the same manner, by letting automated tools spot and fix problems. When spyware entered the vernacular, Wallace drew on his experience dealing with viruses to help shape his approach. A server in his office goes out and checks for updates to Computer Associates' eTrust Antivirus software. "I pull up the console, see how many machines are online, and update them as needed," he says. The number of viruses infecting systems has shrunk. "I just know I can sleep better at night because my server is updating in the middle of the night," he says.
The onslaught of spyware fractured some of that hard-won control over potential security holes. Wallace was spending most of his time last fall trying to keep spyware off the PCs that the auto club's 95 employees use. It slowed systems to a crawl and required Wallace and his single IT staffer to wipe machines clean, reload operating systems and applications, and reset user access rights. "The biggest pain was seeing a clean machine that was fine for a month, but then experiencing problems again," he says. During a bad week, the two-person team spent about 40 hours cleaning infected machines.
Since deploying CA's Pest Patrol, Wallace has cut the time he spends on spyware to 15 minutes a week. The software detects and removes spyware, so Wallace no longer has to pull customer-service agents' systems offline to fix problems. The greatest benefit is the impact on operations: fewer outages and fewer people needing to move off their systems while working with customers, Wallace says. Other vendors with spyware-fighting products include InterMute, Microsoft, and Webroot. Symantec also offers anti-spyware software, along with antivirus and anti-spam products.
Staff training and the support of company management are crucial in fighting all these threats, analyst Oltsik says. Employees need to understand what spyware is and how to avoid it. "Users and the help desk should know what to do when a PC gets flaky, and the training should be consistent and related to benefits," he says. "Any of these efforts need to involve the whole company."
Patch Properly
Patch management is moving into the automated era, too. The amount of time an IT security pro spends patching often depends on the number of patches Microsoft issues on the second Tuesday of each month and the impact they have on a business' IT infrastructure.
Patch Tuesday didn't used to be pleasant at OMD, a media buying and planning subsidiary of Omnicom Group Inc., network administrator Ryan Hudson says. "Before, we did patches manually. We'd have to upgrade a critical patch on all 100 servers, and it took more than a week to get to them all," he says. OMD tested patches before deployment, loading them onto a test LAN before installing them on live machines.
|
|
For Hudson, the new patching policies and technology have made Patch Tuesday much easier. "I don't have to think about patch management now," he says.
Given everything else that security pros do need to think about, that's a welcome relief.
Illustration by Steven Lyons
Criminal Intent: What, Me Worry?
and Lock The Doors